# HG changeset patch # User Wolfgang Rosenauer # Date 1449436998 -3600 # Node ID 5d23fade31436b61c891bd57ea4a6a713dee04a9 # Parent ee3c462047d5e082b235d9dd5a9d3a498cb7ab11# Parent 2e9f984bca7fcdb62ee83f19467f4449fc4d4658 merge from firefox42 diff -r ee3c462047d5 -r 5d23fade3143 MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Sat Oct 31 20:58:31 2015 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Sun Dec 06 22:23:18 2015 +0100 @@ -1,4 +1,12 @@ ------------------------------------------------------------------- +Sun Nov 15 19:52:20 UTC 2015 - wr@rosenauer.org + +- Add desktop menu action for private browsing window to desktop + file (boo#954747) +- remove obsolete patch mozilla-bmo1005535.patch completely from + source package to avoid automatic check failures + +------------------------------------------------------------------- Sat Oct 31 19:50:03 UTC 2015 - wr@rosenauer.org - update to Firefox 42.0 (bnc#952810) @@ -9,7 +17,49 @@ * WebRTC improvements * Indicator added to tabs that play audio with one-click muting * Media Source Extension for HTML5 video available for all sites -- requires NSPR 4.10.10 and NSS 3.19.4 + security fixes: + * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514 + Miscellaneous memory safety hazards + * MFSA 2015-117/CVE-2015-4515 (bmo#1046421) + Information disclosure through NTLM authentication + * MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692) + CSP bypass due to permissive Reader mode whitelist + * MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only) + Firefox for Android addressbar can be removed after fullscreen mode + * MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only) + Reading sensitive profile files through local HTML file on Android + * MFSA 2015-121/CVE-2015-7187 (bmo#1195735) + disabling scripts in Add-on SDK panels has no effect + * MFSA 2015-122/CVE-2015-7188 (bmo#1199430) + Trailing whitespace in IP address hostnames can bypass same-origin policy + * MFSA 2015-123/CVE-2015-7189 (bmo#1205900) + Buffer overflow during image interactions in canvas + * MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only) + Android intents can be used on Firefox for Android to open privileged files + * MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only) + XSS attack through intents on Firefox for Android + * MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only) + Crash when accessing HTML tables with accessibility tools on OS X + * MFSA 2015-127/CVE-2015-7193 (bmo#1210302) + CORS preflight is bypassed when non-standard Content-Type headers + are received + * MFSA 2015-128/CVE-2015-7194 (bmo#1211262) + Memory corruption in libjar through zip files + * MFSA 2015-129/CVE-2015-7195 (bmo#1211871) + Certain escaped characters in host of Location-header are being + treated as non-escaped + * MFSA 2015-130/CVE-2015-7196 (bmo#1140616) + JavaScript garbage collection crash with Java applet + * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 + (bmo#1188010, bmo#1204061, bmo#1204155) + Vulnerabilities found through code inspection + * MFSA 2015-132/CVE-2015-7197 (bmo#1204269) + Mixed content WebSocket policy bypass through workers + * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 + (bmo#1202868, bmo#1205157) + NSS and NSPR memory corruption issues + (fixed in mozilla-nspr and mozilla-nss packages) +- requires NSPR >= 4.10.10 and NSS >= 3.19.4 - removed obsolete patches * mozilla-arm-disable-edsp.patch * mozilla-icu-strncat.patch diff -r ee3c462047d5 -r 5d23fade3143 MozillaFirefox/MozillaFirefox.desktop --- a/MozillaFirefox/MozillaFirefox.desktop Sat Oct 31 20:58:31 2015 +0100 +++ b/MozillaFirefox/MozillaFirefox.desktop Sun Dec 06 22:23:18 2015 +0100 @@ -10,3 +10,9 @@ StartupNotify=true MimeType=text/html;text/xml;application/xhtml+xml;application/vnd.mozilla.xul+xml;text/mml;application/x-xpinstall;x-scheme-handler/http;x-scheme-handler/https;x-scheme-handler/ftp; Type=Application + +Actions=PrivateBrowsing; + +[Desktop Action PrivateBrowsing] +Name=New Private Browsing Window +Exec=%EXEC --private-window %u diff -r ee3c462047d5 -r 5d23fade3143 MozillaFirefox/MozillaFirefox.spec --- a/MozillaFirefox/MozillaFirefox.spec Sat Oct 31 20:58:31 2015 +0100 +++ b/MozillaFirefox/MozillaFirefox.spec Sun Dec 06 22:23:18 2015 +0100 @@ -18,10 +18,10 @@ # changed with every update -%define major 41 +%define major 42 %define mainver %major.99 %define update_channel beta -%define releasedate 2015103000 +%define releasedate 2015120300 # general build definitions %if "%{update_channel}" != "aurora" @@ -145,7 +145,6 @@ Patch6: mozilla-ntlm-full-path.patch Patch7: mozilla-repo.patch Patch8: mozilla-openaes-decl.patch -Patch9: mozilla-bmo1005535.patch Patch10: mozilla-no-stdcxx-check.patch Patch11: mozilla-libproxy.patch # Firefox/browser @@ -255,7 +254,6 @@ %patch6 -p1 %patch7 -p1 %patch8 -p1 -#%patch9 -p1 %patch10 -p1 %patch11 -p1 # Firefox diff -r ee3c462047d5 -r 5d23fade3143 MozillaFirefox/create-tar.sh --- a/MozillaFirefox/create-tar.sh Sat Oct 31 20:58:31 2015 +0100 +++ b/MozillaFirefox/create-tar.sh Sun Dec 06 22:23:18 2015 +0100 @@ -2,8 +2,8 @@ CHANNEL="beta" BRANCH="releases/mozilla-$CHANNEL" -RELEASE_TAG="FIREFOX_42_0b9_RELEASE" -VERSION="41.99" +RELEASE_TAG="FIREFOX_43_0b9_RELEASE" +VERSION="42.99" # mozilla if [ -d mozilla ]; then